MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e610af420add602c83e3cf56613ce2d25a448822721de59b59841d59f707304. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e610af420add602c83e3cf56613ce2d25a448822721de59b59841d59f707304
SHA3-384 hash: 1c8ac9ffbdfeca3ac643f28a545fa27c61a1f69b78ea00154b7c2e41d5c3eaee23cf0020af70e2bdc3f65fcedfcb04f9
SHA1 hash: f0cbf6794d7b6bd650c75f59df3ac4dd2a4450fc
MD5 hash: 3ca4ddccbb437df7862315f0dee4e4d6
humanhash: uranus-oven-skylark-carolina
File name:Quotation.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-21 08:16:37 UTC
Last seen:2020-05-21 08:52:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5e1969123c6f975db107f024fd28e95d (1 x GuLoader)
ssdeep 768:G6ekeC9Fm0HVRwABY+JxU9olRFWmoor8knen8/mBXJ7lbdt/uv/fKkWpSCJ:gkxm01RwYYJ9KbH7e8/wZ7z92FgH
Threatray 1'255 similar samples on MalwareBazaar
TLSH 32A3E761F568ECB1D92C47FE2F744698212BFD348C63DA0774CA7A1D06F2A89E870356
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: qq.com
Sending IP: 59.36.132.88
From: AD <ad@rxtechvn.com>
Subject: RE: Italian || Quote and Price List Request
Attachment: QUOTATION.img (contains "Quotation.exe")

GuLoader payload URL:
http://45.132.241.148/tt/gud_oKWgE232.bin

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.12509.32182.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:27:00 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzqqv5bavxlafsb6ht2wme6ofus2isece4q54wnvtba5lh3qomca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06750ac0faac65082e722d5d7e8ccad6d9ceb5cd74faf3a9dca25be553e756e7
GuLoader
0fa3607af6cb9101d40fd17880c344ffd219bc64511c6a93e743033afea0a1ee
GuLoader
11de084924b529df84b9c2c04845a186f10c8a0475e34f6eb379d949f35756fe
GuLoader
460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6
GuLoader
52aeea8a255442f1560a6c237fb9c6d5223e7de9eb3340d29f81803df963ee8a
GuLoader
6523cec93d68e38809ee7a9da3121fd5e535d2755828f668aa507a0b0d18b1e4
GuLoader
a55a495af0977a693b67da780d734c4a8fe65bcc0a54f06079d79ac60c555200
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
dcafd8ba263cf7e448be257a8d25c968a0060908f93f9d02a068bb0dd482879f
GuLoader
f6d7d1d828b5cee30b58eb471720d990a4f411ac366e0bb79c8f56e854dd98cd
GuLoader
+ 1'245 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1gbdqf268x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img acffceba094270c1e690f7989971916db895f89262aa583351335360cdf6b1b6

GuLoader

Executable exe 2e610af420add602c83e3cf56613ce2d25a448822721de59b59841d59f707304

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365783/
  
Dropped by
MD5 13c31700517d07e92d7108ad2643465a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 acffceba094270c1e690f7989971916db895f89262aa583351335360cdf6b1b6
  
URLhaus
https://urlhaus.abuse.ch/url/365834/

Comments